In today’s cyber security landscape database holds that most important asset of an organization. Having installed and configured firewalls, IDS and end point security, one should not expect that the database is secure and there is no way anyone can breach data. Most of the major data breach incidents of the last few years indicates that despite having installed the state of the art firewalls and other security appliances, the database got breached. [Read more…]
Investigating network security breach may seem to be a daunting task to someone who has no experience of security breach investigation. Like any other IT disciple you can handle and investigate network security breach better if you have are well-equipped with the necessary tools and techniques used by the professionals. No matter if you are a network engineer or a system administrator or even an auditor, you may confront situation in the future when you may be given a task to investigate security related breaches in your organization. [Read more…]
Almost every Internet user has their home network that every family member use to Internet access.For your home network security you can follow a few simple steps to eliminate the chances of your network being compromised. Before diving deep into the home network security issues, you may have a look at the vulnerability points in your network, including your client machine. [Read more…]
This post aims to help you familiarize with the top 15 commonly known network and system security vulnerablitis. If you are a new administrator, you can have a look at the following list.
ACLs on the border router
The ACLs you place in your router, especially in the border router, should not allow inadequate access to your other devices connected to your router. A few misconfigured router ACLs can potentially allow information leakage through ICMP, IP, NetBIOS, and lead to unauthorized access to services on your DMZ server. So, make sure your border router has appropriate ACL in place in the right interface. [Read more…]
What do we mean by data exfiltration?
First of all we need to realize that data breach and data exfiltration are two different things. In simple words, data exfiltration means unauthorized transfer of data
Your data can be transferred without your knowledge using data exfiltration techniques used by both external and internal actors and tools used by companies. [Read more…]
Massachusetts Crime Watch has developed a useful home security list that helps to enhance home security. If you are looking for simple tips to make your home safer than before, have a look at the following list. Remember that you do not need to implement all the recommendations. Have a look at the list at first and then decide which recommendation fits your needs. [Read more…]
This is a list of top 10 PHP secuirty tips that you can follow when developing your PHP based web applications.
Restrict access to administrative page
Most of the web based software have administrative page that is used to configure and to manage the software. When you install PHP based software, remember to change the script’s default directory name and also remove the installation script. Some software offer the option to installation script removal after completion of the installation process. [Read more…]
VOIP saves money if you can deploy and manage it properly, but there are certain risks that you need to take into account. As you know that VOIP is ip based voice solution and IP network is always vulnerable and point of interest to the intruders. [Read more…]
The good news for IT security professionals is that there are a number of IT security standards that they can use as a guideline when developing or implementing IT projects. Remember that these standards are well thought out and proven practices that can improve information security goals of your organization. Only the popular and globally recognized IT security standards have been presented in this post. [Read more…]
As you know that every web application becomes vulnerable when they are exposed to the Internet. Fortunately, there are a number of best practices and coutner measures that web developers can utilize when they build their apps. This post will list some proven counter measures that enhance web apps security significantly. [Read more…]
Web application security testing might seems intimidating and esoteric to many web administrator, especially to the new ones. Have you ever asked yourself why so many IT professionals ignore the security aspects of the applications? We seem to have a tendency to ignore things that is unperceivable. You become concern when something breaks or any security breach occurs in our IT systems. The truth is there a number of efficient and open source web security vulnerabilities analysis tools that you can easily earn and use to implement IT security best practices to your IT department.
This post about android security intends to give the Android users as holistic view of the phone security.
Apps: since android is an open platform and anyone can write apps and publish it in Google apps, the apps itself can contain malicious which may steal data and sensitive tips from your phone. So, when installing any app, try to check if the app has any security issues. A simple Google search may give you useful information about a particular app. to keep your android phone secure, make sure that apps you are already using has no major security concern and try to update your apps or apply the security patches to keep phone secure. [Read more…]
As online degrees is getting recognised and accepted by the employers, many students prefer to take online courses. If you are from IT background and considering to take an online master degree in IT security, this post may help you determine whether taking online master degree help you achieve your goal. If you put yourself in an employer’s shoes and think about recruiting an information security profession. Whom would you give more preference: a candidate with a normal IT degree or a candidate with a master degree in information security.
To many IT professionals, webhosting security means protecting websites from hackers and malicious codes. But most of the time we forget to consider that websites security depends on a number of components such as server , application , database, scripts etc. One of the most important aspects of webhost security is to ensure continuous operation and disaster recovery of web services. This post aims to develop a broader picture that can help you to take necessary steps to ensure your sites continuous operation. [Read more…]
From security perspective, not all types of data of an organization are equally important for successful business operation. Depending on business criticality, some data need to be more secured. The enormous computing power of cloud attracts businesses to put their data in the cloud, but many of the businesses do not have any decisive policy that defines which data to put in the cloud and what not to. This post highlights top 10 cloud security issues and risks that an organization needs to consider before migrating their mission critical data to the cloud.
Though various types of cloud are available to serve various types of customers, they all serve the same purpose-offer IT resources and services to customers accessible via web browser. The hardware and software powering the clouds always stay behind the customer’s eye-thus when we hear the term “cloud” it papers to some of us as an black box. The aim of this post to help you decide how to choose a cloud service provider, irrespective of the size of your business. The following are the list of questions that you might ask to your cloud vendor: [Read more…]
Evasion techniques evade the exiting network security devices such as signature based IPS and firewalls to enter the internal network to deliver exploits in servers. Most of the Intrusion detection and prevention system rely on attack signatures to identify malicious strings in the traffic. The strings used to evade the devices are not malicious themselves. Their main purpose is to pass through IDS without triggering alarms. [Read more…]
To secure your Yahoo mail account you need to block the doors that are easy for anyone to get access to your account. This post will help you to modify your account settings to make your mailbox safer than ever. If you are a Yahoo mail user, then you are advised to use the following settings:
- Create a sign-in seal
- How to change password
- Monitor your account activity
- Recognize suspicious mail
- Dealing with SPAM mails
- Using SSL
- Reporting to Yahoo
- Change your habit of clicking links from unknown sources
Note: Never underestimate the power of choosing strong password and change it frequently [Read more…]
If you know some simple and easy-to-use methods to check that if your computer has been hacked you can confidently work online or visit any site without much worrying about your data privacy. The good news is that there are some simple ways to check that if your system has been hacked, which works well in most of the cases.At first you need to know the ways that can be used to access your PC, from a perpetrator’s perspective. A person can enter your computer directly in your absence or he can use the Internet or network connection to connect to your system.Before reading the following tips, make sure if any of the access route to your system was vulnerable.If your answer is yes, then there is a possibility that your computer might be compromised.Take a look at the following tips to check if anyone is secretively controlling your computer. [Read more…]